CVE-2025-2857 PoC — Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Source

https://github.com/ubisoftinc/CVE-2025-2857

Associated Vulnerability

Title:Mozilla Firefox和Mozilla Firefox ESR 安全漏洞 (CVE-2025-2857)
Description:Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。 Mozilla Firefox 136.0.4之前版本和Mozilla Firefox ESR 128.8.1之前版本和115.21.1之前版本存在安全漏洞，该漏洞源于受损的子进程可能导致父进程返回意外强大的句柄，从而导致沙箱逃逸。

Description

A Firefox and Tor Browser compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape

Readme

# CVE-2025-2857
A Firefox and Tor Browser compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape
> Run as root

# Install

```
sudo apt update
sudo apt install git
git clone https://github.com/ubisoftinc/CVE-2025-2857.git
cd CVE-2025-2857
chmod +x CVE-2025-2857
chmod +x install.sh
sudo bash install.sh
```

# Usage
```
./CVE-2025-2857 -o webpage/
```

File Snapshot


 [4.0K]  /data/pocs/e3b93aab07917ce2481a14d770864c3b11c0f24e
├── [2.0M]  CVE-2025-2857
├── [1.6K]  install.sh
└── [ 428]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!